
Wednesday, January 4, 2012

Global Sensitive Information Extraction from DOM – post DOM based XSS

DOM-centric single-page HTML5 and Web 2.0 applications use global variables to manage critical client-side information. During consulting engagements we have seen a few applications keep client-side session data in globals. These global objects are JSON objects or arrays, and in some cases plain strings.

For example, once the user is authenticated the page receives a script tag carrying an array like the one below, which sets the global set of variables.

In many cases this holds sensitive information: tokens, public profile URLs, private URLs for information access, cross-domain OAuth values, username/password kept in temporary variables, and so on. It is an interesting set of information, and it can be extracted in the event of a DOM-based XSS. These DOM-driven applications are single-page, so the values stay accessible for the whole application life cycle.

Here is an example of extracting JSON objects, arrays and strings from the browser. It can be used as part of XSS testing and exploitation once a DOM-based XSS has been found, and it is worth adding to XSS exploitation tools like BeEF. We use it with node.js and a customized payload in our routine test cases.

The script below walks every property of window and dumps each object or string with JSON.stringify. It works as-is in Firefox; on browsers without native JSON.stringify a jQuery JSON plugin can help.

    for (var name in window) {
        var obj = window[name];
        // a single != null check skips both null and undefined
        if (obj == null) continue;
        var type = typeof obj;
        if (type == "object" || type == "string") {
            console.log("Name:" + name);
            try {
                // stringify throws on circular structures and some DOM nodes
                console.log(JSON.stringify(obj));
            } catch (ex) {}
        }
    }

To collect the extracted values we run the script in Firebug and send the output to its console.
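As an added example (not code from the Blueinfy post), the audit below runs the same enumeration from the defender's side, flagging globals whose property names look like credentials, and contrasts a page that parks session data on a global with one that holds it in a closure. The names appState, csrfToken, auditGlobals and createSessionStore and all values are constructed for this example, and a plain object stands in for window so it runs offline in node.js:

```javascript
// Added example, not part of the original post. A plain object stands in for
// window; property names and values below are constructed for illustration.

// Property names that usually denote credentials or secrets.
var SENSITIVE_KEY = /token|secret|passw(or)?d|oauth|api_?key|credential/i;

// Walk the enumerable properties of a root object, serialize objects and
// strings the way the post's script does, and report the ones whose own name
// or whose member names match SENSITIVE_KEY.
function auditGlobals(root) {
    var findings = [];
    Object.keys(root).forEach(function (name) {
        var value = root[name];
        if (value == null) return;
        var type = typeof value;
        if (type !== "object" && type !== "string") return;
        var text;
        try {
            text = JSON.stringify(value);   // throws on cyclic structures
        } catch (e) {
            return;
        }
        if (text === undefined) return;
        var hits = [];
        if (SENSITIVE_KEY.test(name)) hits.push(name);
        if (type === "object") {
            Object.keys(value).forEach(function (k) {
                if (SENSITIVE_KEY.test(k)) hits.push(name + "." + k);
            });
        }
        if (hits.length) findings.push({ name: name, keys: hits, bytes: text.length });
    });
    return findings;
}

// Pattern 1 (what the post describes): session data parked on globals.
function buildLeakyPage() {
    var fakeWindow = {};                    // stands in for window
    fakeWindow.appState = {                 // assumed global name
        userId: 42,
        sessionToken: "constructed-token-abc123",
        profileUrl: "https://example.invalid/u/42",
        oauthSecret: "constructed-oauth-secret"
    };
    fakeWindow.csrfToken = "constructed-csrf-xyz";
    return fakeWindow;
}

// Pattern 2: the same data held in a closure. Nothing sensitive is an
// enumerable property of the global object, so a "walk window and stringify"
// pass finds nothing to dump. Script already running in the page can still
// call the store, so this narrows the bulk exposure rather than removing XSS risk.
function createSessionStore(initial) {
    var data = Object.assign({}, initial);  // private to the closure
    return {
        get: function (k) { return data[k]; },
        has: function (k) { return Object.prototype.hasOwnProperty.call(data, k); }
    };
}

function buildHardenedPage() {
    var fakeWindow = {};
    var store = createSessionStore({ sessionToken: "constructed-token-abc123" });
    // Only behaviour is exposed; the store's contents are not reachable by enumeration.
    fakeWindow.app = { hasSession: store.has };
    return fakeWindow;
}

if (typeof require !== "undefined" && require.main === module) {
    console.log(JSON.stringify(auditGlobals(buildLeakyPage()), null, 2));
    console.log(JSON.stringify(auditGlobals(buildHardenedPage()), null, 2));
}
```

Run with node: the first audit reports appState (sessionToken, oauthSecret) and csrfToken, the second reports nothing. The regex is a heuristic for a pre-release review, not a guarantee; the real fix is the second pattern combined with fixing the DOM-based XSS itself.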

Really interesting stuff – check with your popular mailing and social networking sites.


About us

Blueinfy specializes in application security with a clear strategic focus. We provide products and services to evaluate and improve the overall security posture of enterprise applications, websites and software deployed worldwide. We continually strive to ensure complete security of our clients' applications and software assets, and to achieve this through state-of-the-art know-how built by enhancing methodologies, evolving tools and researching technologies.